A blog to share security, networking and cloud related technology information as @vCloudernBeer picked up on his search for his destiny in the cloud. (LinkedIn: https://www.linkedin.com/in/chowanthony)

Monday, November 17, 2014

OpenStack Series (Part 17): Congress – Policy Service

Congress is an OpenStack project to provide policy as a service across any collection of cloud services in order to offer governance and compliance for dynamic infrastructures.

Contemporary data centers demand agility, and policy enforcement done manually does not meet this need.

We can see that IT vendors are favoring the use of policy in their products. For example:

One objective of OpenStack Congress is to provide an abstraction layer, offered as a service, with a common interface for applying one or more policies to elements of the OpenStack infrastructure.

There are 2 specific purposes/functions outlined for OpenStack Congress: governance and compliance.

Governance
The first purpose of OpenStack Congress is governance, which means using a high-level declarative language to define the state of the cloud infrastructure. Puppet is a declarative language and so is the OpenStack Heat Template. Declarative means that only the desired end state is specified, without giving details or step-by-step instructions on how to attain it.

The declarative language used by OpenStack Congress is Datalog, which is basically SQL with a syntax closer to that of a traditional/procedural programming language. Extracted from the OpenStack documentation, the grammar of this declarative language is:

Monitoring is an important element of OpenStack Congress for enforcing policy reactively and interactively. I can see that OpenStack is interacting with OpenStack Keystone, OpenStack Heat and OpenStack Mistral. Not sure how Congress is doing the monitoring function. I would think the best fit is to interact with OpenStack Ceilometer. I will have to find out and update this section.
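The declarative, Datalog-style policy described in the Governance section, as an added example that is not from the original post or from the Congress project: a small Python evaluator for non-recursive Datalog rules with negation, run over constructed tables. The table names, the rows and the `error` rule are assumptions made for illustration, not Congress's actual data sources or schema.

```python
FACTS = {  # constructed tables for illustration; not Congress's schema or code
    "member": {("alice", "eng"), ("dave", "eng"), ("bob", "sales"), ("ops", "infra")},
    "vm_owner": {("vm1", "alice"), ("vm2", "bob"), ("vm3", "carol"), ("vm4", "dave")},
    "vm_network": {("vm1", "netA"), ("vm2", "netA"), ("vm3", "netPub"), ("vm4", "netA")},
    "net_owner": {("netA", "alice"), ("netPub", "ops")},
    "public_network": {("netPub",)},
}
# Policy as (head, body); each body literal is (negated, table, args):
#   same_group(A, B) :- member(A, G), member(B, G)
#   error(Vm) :- vm_network(Vm, Net), not public_network(Net),
#                net_owner(Net, O1), vm_owner(Vm, O2), not same_group(O1, O2)
RULES = [
    (("same_group", ("A", "B")), [(False, "member", ("A", "G")), (False, "member", ("B", "G"))]),
    (("error", ("Vm",)), [(False, "vm_network", ("Vm", "Net")), (True, "public_network", ("Net",)),
                          (False, "net_owner", ("Net", "O1")), (False, "vm_owner", ("Vm", "O2")),
                          (True, "same_group", ("O1", "O2"))]),
]

def is_var(term):
    return term[:1].isupper()  # Datalog convention: variables start uppercase

def match(args, row, env):
    """Unify a literal's args with one fact row; return extended bindings or None."""
    env = dict(env)
    for a, v in zip(args, row):
        if is_var(a):
            if env.setdefault(a, v) != v:  # variable already bound to another value
                return None
        elif a != v:                       # constant in the rule does not match
            return None
    return env

def evaluate(rule, facts):
    """Derive the head tuples of one rule by joining its body over the fact tables."""
    (_, head_args), body = rule
    envs = [{}]
    # Positive literals first, so variables are bound before negation is tested.
    for neg, table, args in sorted(body, key=lambda lit: lit[0]):
        rows = facts.get(table, ())
        if neg:   # keep only bindings for which no matching fact exists
            envs = [e for e in envs if all(match(args, r, e) is None for r in rows)]
        else:     # join: extend each binding with every matching fact
            envs = [m for e in envs for r in rows if (m := match(args, r, e)) is not None]
    return {tuple(e[a] if is_var(a) else a for a in head_args) for e in envs}

def violations(facts, rules=RULES):
    facts = {k: set(v) for k, v in facts.items()}
    for rule in rules:  # rules are listed in dependency order
        facts.setdefault(rule[0][0], set()).update(evaluate(rule, facts))
    return sorted(facts.get("error", ()))  # rows of the derived error table
```

The policy only states what a violation is; the evaluator decides how to find it, which is the declarative property the section describes. On the constructed data, `violations(FACTS)` reports `vm2`, whose owner shares no group with the owner of the private network it is attached to.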

Use Cases for Congress
If you want to look into OpenStack Congress besides reading the official OpenStack documentation, you must take a look at this article (part 1) and this article (part 2). As of this writing, not many blog posts or much documentation are available on this subject.

The OpenStack documentation outlines a few use cases, and this article by Tim Hinrichs and Scott Lowe has 4 specific use cases for OpenStack Congress.

In the coming days I am sure there will be more use cases as this project moves to maturity and integrates into the OpenStack release. In the Juno release there is groundwork done in Nova to support NFV, which is again a hot topic.